Certified Information Systems Security Professional

Here you have the best ISC CISSP practice exam questions

  • You have 484 total questions to study from
  • Each page has 5 questions, making a total of 97 pages
  • You can navigate through the pages using the buttons at the bottom
  • These questions were last updated on December 15, 2024

Question 1 of 484

Physical assets defined in an organization's business impact analysis (BIA) could include which of the following?

    Correct Answer: D

    Physical assets are tangible resources necessary for the operation of a business. Supplies kept off-site at a remote facility fit this definition because they are tangible items that could be necessary for business continuity or recovery in case of a disruption. Personal belongings of staff members, disaster recovery line-item revenues, and cloud-based applications are not considered physical assets within a business impact analysis.

Question 2 of 484

When assessing the audit capability of an application, which of the following activities is MOST important?

    Correct Answer: B

    When assessing the audit capability of an application, the most important activity is to determine if audit records contain sufficient information. This is because the primary purpose of an audit is to create a detailed record of activities that can be useful in identifying and investigating suspicious or inappropriate activities. Without sufficient information in the audit records, it would be impossible to effectively review and analyze the activities logged, rendering the audit capability ineffective regardless of other factors such as storage capacity or procedures for investigating suspicious activity.

Question 3 of 484

An organization would like to implement an authorization mechanism that would simplify the assignment of various system access permissions for many users with similar job responsibilities. Which type of authorization mechanism would be the BEST choice for the organization to implement?

    Correct Answer: A

    Role-based access control (RBAC) is the best choice for an organization looking to simplify the assignment of system access permissions for many users with similar job responsibilities. RBAC assigns permissions based on roles rather than on an individual basis. This means that users with similar job functions can be grouped under the same role, and the corresponding permissions are assigned to that role. This approach streamlines the management of access controls, making it easier to grant and revoke permissions as users change roles within the organization.

Question 4 of 484

What is the PRIMARY reason for criminal law being difficult to enforce when dealing with cybercrime?

    Correct Answer: A

    Jurisdiction is hard to define. Cybercrime frequently spans multiple geographic regions and legal jurisdictions, which makes it challenging to determine which law enforcement agency has the authority to act. Different countries have varying laws and regulations regarding cybercrime, complicating the process of investigation and prosecution. This issue of jurisdictional ambiguity is the primary barrier to effectively enforcing criminal law in the realm of cybercrime.

Question 5 of 484

Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol?

    Correct Answer: A

    Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using the Extensible Authentication Protocol (EAP). EAP is an authentication framework frequently used in wireless networks and point-to-point connections. It supports multiple authentication methods, such as token cards, Kerberos, and certificate-based systems, thereby enhancing security in WPA2 implementations.